Total
12861 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-50234 | 1 Hancom | 1 Office Cell | 2025-08-15 | 7.8 High |
| Hancom Office Cell XLS File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hancom Office Cell. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XLS files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-20386. | ||||
| CVE-2024-13046 | 1 Ashlar | 1 Cobalt | 2025-08-15 | 7.8 High |
| Ashlar-Vellum Cobalt CO File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of CO files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24867. | ||||
| CVE-2025-53737 | 1 Microsoft | 11 365, 365 Apps, Excel and 8 more | 2025-08-15 | 7.8 High |
| Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | ||||
| CVE-2025-53732 | 1 Microsoft | 1 Office | 2025-08-15 | 7.8 High |
| Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally. | ||||
| CVE-2025-53741 | 1 Microsoft | 13 365, 365 Apps, Excel and 10 more | 2025-08-15 | 7.8 High |
| Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | ||||
| CVE-2021-30188 | 2 Codesys, Wago | 55 V2 Runtime System Sp, 750-8202, 750-8202 Firmware and 52 more | 2025-08-15 | 9.8 Critical |
| CODESYS V2 runtime system SP before 2.4.7.55 has a Stack-based Buffer Overflow. | ||||
| CVE-2021-30189 | 2 Codesys, Wago | 55 V2 Web Server, 750-8202, 750-8202 Firmware and 52 more | 2025-08-15 | 9.8 Critical |
| CODESYS V2 Web-Server before 1.1.9.20 has a Stack-based Buffer Overflow. | ||||
| CVE-2021-30193 | 2 Codesys, Wago | 55 V2 Web Server, 750-8202, 750-8202 Firmware and 52 more | 2025-08-15 | 9.8 Critical |
| CODESYS V2 Web-Server before 1.1.9.20 has an Out-of-bounds Write. | ||||
| CVE-2021-34583 | 2 Codesys, Wago | 55 Codesys, 750-8202, 750-8202 Firmware and 52 more | 2025-08-15 | 7.5 High |
| Crafted web server requests may cause a heap-based buffer overflow and could therefore trigger a denial-of- service condition due to a crash in the CODESYS V2 web server prior to V1.1.9.22. | ||||
| CVE-2021-30186 | 2 Codesys, Wago | 56 Plcwinnt, Runtime Toolkit, 750-8202 and 53 more | 2025-08-15 | 7.5 High |
| CODESYS V2 runtime system SP before 2.4.7.55 has a Heap-based Buffer Overflow. | ||||
| CVE-2025-5917 | 2 Libarchive, Redhat | 4 Libarchive, Enterprise Linux, Openshift and 1 more | 2025-08-15 | 2.8 Low |
| A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. | ||||
| CVE-2025-1051 | 1 Sonos | 2 Era 300, Era 300 Firmware | 2025-08-15 | N/A |
| Sonos Era 300 Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected Sonos Era 300 speakers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of ALAC data. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the anacapa user. Was ZDI-CAN-25865. | ||||
| CVE-2025-21017 | 1 Samsung | 1 Blockchain Keystore | 2025-08-15 | 6.3 Medium |
| Out-of-bounds write in detaching crypto box in Blockchain Keystore prior to version 1.3.17.2 allows local privileged attackers to write out-of-bounds memory. | ||||
| CVE-2025-21020 | 1 Samsung | 1 Blockchain Keystore | 2025-08-15 | 5.7 Medium |
| Out-of-bounds write in creating bitmap images in Blockchain Keystore prior to version 1.3.17.2 allows local privileged attackers to write out-of-bounds memory. | ||||
| CVE-2025-21021 | 1 Samsung | 1 Blockchain Keystore | 2025-08-15 | 5.7 Medium |
| Out-of-bounds write in drawing pinpad in Blockchain Keystore prior to version 1.3.17.2 allows local privileged attackers to write out-of-bounds memory. | ||||
| CVE-2025-6633 | 1 Autodesk | 1 3ds Max | 2025-08-15 | 7.8 High |
| A maliciously crafted RBG file, when parsed through Autodesk 3ds Max, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process. | ||||
| CVE-2025-2761 | 1 Gimp | 1 Gimp | 2025-08-14 | 7.8 High |
| GIMP FLI File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of FLI files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25100. | ||||
| CVE-2023-50235 | 1 Hancom | 1 Office Show | 2025-08-14 | 7.8 High |
| Hancom Office Show PPT File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hancom Office Show. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PPT files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-20387. | ||||
| CVE-2025-6663 | 2 Gstreamer, Gstreamer Project | 2 Gstreamer, Gstreamer | 2025-08-14 | N/A |
| GStreamer H266 Codec Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the parsing of H266 sei messages. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-27381. | ||||
| CVE-2025-4421 | 1 Insyde | 1 Insydeh2o | 2025-08-14 | 8.2 High |
| The vulnerability was identified in the code developed specifically for Lenovo. Please visit "Lenovo Product Security Advisories and Announcements" webpage for more information about the vulnerability. https://support.lenovo.com/us/en/product_security/home | ||||